DISA updates draft cloud security guidelines

DISA updates draft cloud security guidelines

As the Department of Defense looks to move more resources to the cloud, the Defense Information Systems Agency has updated its draft guidance on cloud security.

The first of three revised documents is an updated version of the Department of Defense Cloud Computing Security Requirements Guide, which “outlines the security model by which DOD will leverage cloud computing along with the security controls and additional requirements necessary for using cloud-based solutions.”

The next document, a cloud access point (CAP) functional requirements document, identifies the security, network and performance considerations for protecting the Department of Defense Information Network where it meets the cloud service environment. CAPs are designed to detect and prevent an attack before it reaches the DODIN and to provide perimeter defenses and sensing for applications hosted in the commercial cloud service. 

The third document, a draft concept of operations, defines procedures for the organizations that will defend DODIN in the cloud.

All three drafts are available for community review; comments are due by Aug. 22.  

About the Author

Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.


  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected